Hacking by Numbers: Bootcamp Edition

SensePost

// july 24 - 27

USA 2010 Weekend Training Session //July 24-25

USA 2010 Weekday Training Session //July 26-27

Overview:

Hacking By Number Bootcamp Edition sits at the core of the HBN series. It’s a highly practical course that teaches method-based hacker thinking, skills and techniques. This course, offered for the fifth year now, continues to receive support and acclaim from all over the world.

At SensePost we believe that hacking is a way of thinking, and that this way of thinking can be taught. Combined with the correct tools and technical tradecraft hacking is developed into a predictable science. Hacking By Numbers Bootcamp Edition teaches a method-based approach to hacking into networks and systems over the Internet. The method taught consists of seven distinct phases that each have their own objectives, techniques and tools. Students are provided with fully-configured laptop computers that are used stage-for-stage to complete fifteen different technical exercises.

The course runs for two days during which the SensePost trainers will walk you, step-by-step, through real-life hacking attacks. We'll start by identifying the target systems, teach you how to breach the target perimeter, and demonstrate how to extend these attacks in order to completely compromise the internal networks.

Update: March 16: We have made changes to the content of our HBN BootCamp course. We have updated the course content to include the following attack vectors, vulnerabilities and environments:

Web applications

Client-side attack vectors

Intranet vulnerabilities and exploits

Time-based attacks

Privilege Escalation and Pivot attacks

Third Party software exploitation

Data Extrusion techniques

We believe this will significantly change the course content and encourage you to sign up for our training.

Prerequisites:

SensePost will provide fully configured laptop computers as well as CDs with all the tools and materials used in the course. Students need to ensure they have the necessary level of skill. No hacking experience is required for this course, but a solid technical grounding is an absolute must. Students are expected to be versed in basic programming or scripting, networking and Internet technologies, ‘nix and Windows operating systems, basic SQL and database technologies. No advanced skills are required, but students without a good, practical knowledge of these areas will fall behind in this fast-paced class. Students without the requisite technical skills are encouraged to consider ‘Cadet Edition’. Cadet and Bootcamp Edition can be taken back-to-back.

Context:

This course follows directly on from ‘Cadet Edition’ and serves as a prerequisite for the ‘Combat Edition.’ As always, the course can also be taken without any of the others. Bootcamp Edition can be taken back-to-back with either Cadet Edition (for beginners) or Combat Edition for more advanced students.

Who should attend:

Information security officers, system and network administrators, security consultants, government agencies and other nice people will all benefit from the valuable insights provided by this class.

What to bring:

Just Yourself. All necessary equipment will be provided, including pre-configured laptops, tools and utilities.

Free additional tools workshop:

After the first day of the course SensePost offers a free additional workshop on using their suite of hacking tools, including Wikto, Aura, Suru, Crowbar, BidiBLAH and others, copies of which will be distributed to all students. The tools workshop is open to all attendees of any SensePost course and run in the evening after training. Precise times and locations will be announced during the training courses.

Course Length:

Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered.

Trainers:

SensePost proposes to use experienced world-class technicians with extensive training experience. The course will be presented by one of the following course leaders:

Bradley Jayanath joined SensePost as the team leader for the assessment team after 9 years in the Networking and security industry. He has extensive experience on all types of security assessments and has completed major security projects in the Americas. Bradley has been involved in the training course material since appointment has got extensive experience that he brings to each training course.

Nicholas Arvanitis is an Associate at SensePost, where he leads SensePost's security assessment and penetration testing team. Nicholas has spoken and trained throughout South Africa, Europe and the United States, including at prestigious events such as the Black Hat Briefings and Defcon. His area of expertise is in web application assessment, network security assessment and vulnerability management.

Marco Slaviero (MSc) is an associate at SensePost focused on providing penetration testing services to global clients in the financial services, mining and telecommunications sectors. Marco specializes in web application assessments with a side interest in thick applications and network assessments. His background is academic and he finds the security industry a little bewildering if complete fun.

Ian de Villiers is an associate security analyst for SensePost. Coming from a development background, his areas of expertise are in application and web application assessments. Ian has spent considerable time researching application frameworks, and has published a number of advisories relating to portal platforms. He has also provided training on web application security at prestiguous events such as the BlackHat briefings in the USA and spoken at security conferences on this topic.